PT-2026-34878 · Unknown · Codechecker

Scott Tolley · Published 2026-04-24 · Updated 2026-05-05 · CVE-2026-25660

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodeChecker versions prior to 6.27.4

Description

An authentication bypass exists in CodeChecker, which provides analyzer tooling, a defect database, and a viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with Authentication in conjunction with certain function calls, allowing an attacker to assign arbitrary permissions to any existing user.

Recommendations

Update to a version newer than 6.27.3.

Fix

Weakness Enumeration

Incorrect Authorization
Authentication Bypass by Spoofing

Related Identifiers

CVE-2026-25660
GHSA-4V9X-CQC5-J645

Affected Products

Codechecker